The US Department of Homeland Security is out to hack video game consoles, such as Xboxes, Wiis and PlayStations.

According to Foreign Policy, the US Navy has just awarded a $177,237 sole-source research contract to Obscure Technologies, a computer forensics company, to figure out how to hack the encryption that protects personal data on the consoles.

What the feds want from the deal, according to the contract with the US Navy: “hardware and software tools that can be used for extracting data from video game systems” and “a collection of data (disk images; flash memory dumps; configuration settings) extracted from new video game systems and used game systems purchased on the secondary market.”

According to Foreign Policy, law enforcement agencies contacted the Department of Homeland Security’s Science and Technology Directorate for help on a tool to examine gaming console data. DHS then asked the Naval Postgraduate School (NPS) to execute the contract and to lead the research.

It’s easy to dismiss these consoles as trivial games. But to law enforcement, they’re a potential treasure trove of forensic data.

As Foreign Policy points out, the government isn’t interested in the games themselves.

It’s the sophisticated platforms that could be a gold mine, given how they’ve evolved far beyond simple entertainment and now serve as all-purpose devices that can, for example, connect to Facebook or allow chatting with other players.

Once the DHS has cracked the encrypted devices, investigators will have access to data including when players were connected to the internet, the identity of those to whom they talked, the conversation logs of what was said, and the game that was played.

This data can help track down pedophiles, who often use online gaming communities as hunting grounds. A spokesman for DHS told Foreign Policy that there’s also a “suspicion” that terrorists are using online gaming to communicate.

Of course, on the flip side of catching pedophiles and terrorists lie privacy concerns.

Parker Higgins, a spokesman for the online privacy group the Electronic Freedom Foundation (EFF), told Foreign Policy that users might not realize the extent of the data that’s created and stored in their consoles:

"You wouldn't intentionally store sensitive data on a console. But I can think of things like connection logs and conversation logs that are incidentally stored data. And it's even more alarming because users might not know that the data is created."

"Taken in context, it could end up revealing more than you expect."

As Naked Security’s Lachlan Urquhart has pointed out, US police are already increasingly using online forums such as Xbox Live to communicate with suspected criminals and, reportedly, to record conversations.

And as Ars Technica reported in a January article on law enforcement’s use of online games to aid investigations, Microsoft has actually filed a patent on ways to intercept Internet calls, potentially including audio messages transmitted via gaming systems.

The US Privacy Act makes it illegal to poke at US citizens’ data in this manner, according to Simson Garfinkel, a computer science professor associated with the DHS project.

That’s why the government is pointing Obscure Technologies at gaming systems purchased outside the country.

Here’s what Garfinkel told Foreign Policy:

"This project requires the purchasing of used video game systems outside of the U.S. in a manner that is likely to result in their containing significant and sensitive information from previous users. We do not wish to work with data regarding US persons due to Privacy Act considerations. If we find data on US citizens in consoles purchased overseas, we remove the data from our corpus."

Getting data out of these systems is hard. A peek at the Ars Technica article reveals a host of quotes from frustrated investigators who’ve tried.

It’s certainly not impossible, though. As Foreign Policy points out, there have already been hacks that enable spying on users of the Xbox Kinect, a video-enabled add-on that reads body movement for interactive gaming.

Should law enforcement agents be given the rights to spy on gaming users? Given the allure of catching pedophiles and terrorists, it’s hard to imagine they won’t inevitably be granted such rights, Privacy Act or no.

Again, Privacy Act or no, it’s also naïve to think that law enforcement wouldn’t go ahead and use whatever spying technology they get out of the Obscure Technologies deal to hack into US citizens’ devices, given the rise of warrantless eavesdropping.

It’s time to stop thinking that what’s said and done on a game console doesn’t matter.

DHS’s move makes this clear: If you don’t want your conversations or activities monitored, don’t assume that a gaming console is going to keep them out of the increasingly watchful eye of the government.

About the author

Lisa has been writing about technology, careers, science and health since 1995. She rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash and joined the freelancer economy. Alongside Naked Security Lisa has written for CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output.

18 comments on “US government learning how to hack video game consoles”

I think their main concern is finding a way to charge people with illegal copies of games, and being able to trace contacts, and pull down pirate sites. Really you got a better chance of finding pedophiles on Facebook, but the police can't even do that right considering they are chasing a guy who updates his Facebook while running and has managed to escape 2 times.

Government is wasting our money on a 3rd party instead of going to the source since Microsoft has a patent for this, and they created the system.

Reading Artful's comment makes me laugh. I can just see the logs.

Terrorist 1: "Run in and just toss the bomb at your feet"
Terrorist 2: "Alright great plan"
Terrorist 1: "No, enter the room and throw it at your feet. You failed to kill yourself. Try again"
Terrorist 2: "Darn this is hard. I get shot up the moment I enter."

Exactly! There is something very wrong about this. If law enforcement is actually after suspected criminals they can get the key from MS or Sony but if they just want to monitor for the sake of monitoring then it's a different case.

I call shenanigans. The U.S. Navy, nor any other branch of the military or government is in charge of getting rid of pedos outside the U.S. Hell, the military isn't in charge of getting rid of pedos WITHIN the U.S. Sounds like once again someone is using "think of the children" to pass some dumbass nepotism contract for IT services that are most likely useless and certainly not worth six figures in sole-source funding. Of *course* they're sole source, everybody else is like "WTH are you talking about?" when the Navy approached them to hack gaming consoles for sensitive data.

You all didn't really think privacy was going to be like it was in, I don't know the 1950's??

Of course there won't be retaliation on some random log they hacked spouting nonsense. They are trying to put folks behind bars using any means they can within the law. The fact that they have reason to believe people are using game consoles is even worse than when they were just finding them in the chat sessions in America Online.

Just another reason I don't use consoles anymore, however, if you're not DOD wiping your hard drives (in any device with a HDD) before you sell them you're just dumb.

Also willing to bet Nintendo wasn't mentioned cause they don't use removable internal storage. Plus, who cares about the data in a Wii? You gunna bust someone cause the last game they played was Mario Party?

Wipe a disk before trashing the computer?? not on your life.. you physically take it out and "smash it" beyond reading..
Don't want prosecuted for something that some hacker managed to load on my machine, and is found later..